crazy-max/docker-fail2ban

RancherOS support?

Closed this issue · 3 comments

Hi! This is not really a bug report so I hope it's OK if I ask a question here. I am looking to use RancherOS both for the Rancher management platform and for my Kubernetes hosts. Since everything in RancherOS runs as a container - including system services - I was looking for how to use fail2ban as a container, and found this repo. Has anyone tried docker-fail2ban with RancherOS? Does it work?

Thanks a lot in advance for your help!

I was able to get it working for sshd on RancherOS using the following docker-compose.yml. Note the F2B_LOG_LEVEL env is optional.

version: '3'
services:
  fail2ban:
    image: crazymax/fail2ban
    restart: always
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      F2B_LOG_LEVEL: DEBUG
    volumes:
      - ./data:/data
      - /var/log:/var/log:ro

The contents of ./data/jail.d/sshd.conf are as follows. Note that the only thing changed from the example is logpath.

[sshd]
enabled = true
chain = INPUT
port = ssh
filter = sshd[mode=aggressive]
logpath = /var/log/messages
maxretry = 5

After IPs are banned, you should see some data when running sudo iptables -L f2b-sshd from the host, like so:

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  218.92.0.246         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  112.85.42.174        anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

One thing I do find odd is DEBUG logs like these. It would be interesting to know if this is resolvable or if it has any negative impact.

2020-11-22 01:05:46,903 fail2ban.filterpyinotif [1]: DEBUG   Event queue size: 16
2020-11-22 01:05:46,904 fail2ban.filterpyinotif [1]: DEBUG   <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
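A sanity check for the setup described in the comment above, added here as an example; it is not code from docker-fail2ban or from the commenter. It assumes the same arrangement the comment shows (jail logpath /var/log/messages, maxretry = 5, bans landing as REJECT rules in the f2b-sshd chain) and counts "Failed password" lines per source IP, then compares the sources that reached maxretry with the sources actually present in saved `iptables -L f2b-sshd` output. The function names, the regexes and all sample data are constructed for this example; the log regex is a simplified stand-in for fail2ban's own sshd filter and ignores findtime, so a source reported as "over threshold but unbanned" may simply have spread its failures over a longer window.

```python
"""Cross-check sshd failures in a syslog file against the f2b-sshd chain.

Added example, not part of crazy-max/docker-fail2ban. Assumes the thread's
setup: logpath /var/log/messages, maxretry = 5, bans as REJECT rules in
the f2b-sshd chain. Sample data is constructed (RFC 5737 addresses).
"""
import re
import sys
from collections import Counter

MAXRETRY = 5  # same value as the jail.d/sshd.conf in the thread

# Constructed syslog lines in the layout sshd writes to /var/log/messages.
SAMPLE_MESSAGES = """\
Nov 22 01:05:40 rancher sshd[1234]: Failed password for invalid user admin from 203.0.113.10 port 51234 ssh2
Nov 22 01:05:42 rancher sshd[1236]: Failed password for invalid user admin from 203.0.113.10 port 51240 ssh2
Nov 22 01:05:44 rancher sshd[1238]: Failed password for root from 203.0.113.10 port 51250 ssh2
Nov 22 01:05:46 rancher sshd[1240]: Failed password for root from 203.0.113.10 port 51255 ssh2
Nov 22 01:05:48 rancher sshd[1242]: Failed password for invalid user test from 203.0.113.10 port 51260 ssh2
Nov 22 01:05:50 rancher sshd[1244]: Failed password for invalid user test from 203.0.113.10 port 51266 ssh2
Nov 22 01:06:01 rancher sshd[1250]: Failed password for invalid user oracle from 198.51.100.7 port 40001 ssh2
Nov 22 01:06:03 rancher sshd[1252]: Failed password for invalid user oracle from 198.51.100.7 port 40002 ssh2
Nov 22 01:06:05 rancher sshd[1254]: Failed password for invalid user oracle from 198.51.100.7 port 40003 ssh2
Nov 22 01:06:07 rancher sshd[1256]: Failed password for invalid user oracle from 198.51.100.7 port 40004 ssh2
Nov 22 01:06:09 rancher sshd[1258]: Failed password for invalid user oracle from 198.51.100.7 port 40005 ssh2
Nov 22 01:06:20 rancher sshd[1260]: Failed password for rancher from 192.0.2.5 port 55000 ssh2
Nov 22 01:06:25 rancher sshd[1262]: Failed password for rancher from 192.0.2.5 port 55001 ssh2
Nov 22 01:06:30 rancher sshd[1264]: Accepted publickey for rancher from 192.0.2.5 port 55002 ssh2
"""

# Constructed `iptables -L f2b-sshd` output in the same layout as the thread's.
SAMPLE_IPTABLES = """\
Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.10         anywhere             reject-with icmp-port-unreachable
REJECT     all  --  203.0.113.99         anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Simplified stand-in for fail2ban's sshd filter: one pattern, no findtime.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from " + IPV4 + r" port \d+"
)
# Fourth column of a REJECT line is the banned source; works with or without -n.
REJECT_RE = re.compile(r"^REJECT\s+\S+\s+\S+\s+" + IPV4 + r"\s", re.M)


def count_ssh_failures(log_text):
    """Return a Counter mapping source IP -> number of failed-password lines."""
    return Counter(m.group(1) for m in FAILED_RE.finditer(log_text))


def banned_ips(iptables_text):
    """Return the set of source IPs currently rejected by the f2b-sshd chain."""
    return set(REJECT_RE.findall(iptables_text))


def check_bans(log_text, iptables_text, maxretry=MAXRETRY):
    """Compare sources that reached maxretry with sources actually banned."""
    failures = count_ssh_failures(log_text)
    banned = banned_ips(iptables_text)
    over = {ip for ip, n in failures.items() if n >= maxretry}
    return {
        "failures": dict(failures),
        "banned": banned,
        # Reached maxretry in the log but no REJECT rule: jail not firing,
        # or the failures fell outside findtime.
        "unbanned_over_threshold": over - banned,
        # Banned but no failures in this log excerpt: ban from an earlier
        # window (or a rotated log), worth a look but not necessarily wrong.
        "banned_without_recent_hits": banned - set(failures),
    }


if __name__ == "__main__":
    # Usage: python check_f2b.py /var/log/messages saved-iptables-output.txt
    # With no arguments the constructed samples above are used.
    if len(sys.argv) == 3:
        log_text = open(sys.argv[1], errors="replace").read()
        ipt_text = open(sys.argv[2]).read()
    else:
        log_text, ipt_text = SAMPLE_MESSAGES, SAMPLE_IPTABLES
    for key, value in check_bans(log_text, ipt_text).items():
        print(f"{key}: {value}")
```

Run it with no arguments to see the constructed case: 203.0.113.10 reached maxretry and is banned, 198.51.100.7 reached maxretry but has no REJECT rule, and 203.0.113.99 is banned without any hits in this excerpt. On a RancherOS host, save `sudo iptables -L f2b-sshd` to a file and pass it together with /var/log/messages.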

Hi @divThis, RancherOS is being deprecated and there won't be any further development according to Rancher, so I would recommend against using it. :)

stale commented

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.